
7110 matches found

RedhatCVE
added 2026/04/01 5:3 p.m., 3 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2 CVSS | 6 AI score | 0.00302 EPSS
Exploits 0 | References 1
NVD
added 2026/04/01 4:23 p.m., 4 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

7.5 CVSS | 0.00287 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/04/01 10:58 a.m., 9 views

CVE-2026-3881

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.8 CVSS | 5.9 AI score | 0.00259 EPSS
Exploits 0 | References 1
Patchstack
added 2026/04/01 10:19 a.m., 4 views

WordPress Query Monitor plugin <= 3.20.3 - Reflected Cross-Site Scripting via Request URI vulnerability

Reflected Cross-Site Scripting via Request URI vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Query Monitor versions <= 3.20.3...

7.2 CVSS | 5.9 AI score | 0.00302 EPSS
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/04/01 7:30 a.m., 2 views

CVE-2026-5259

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

6.5 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits 0 | References 4 | Affected Software 1
Patchstack
added 2026/04/01 2:30 a.m., 8 views

WordPress Performance Monitor plugin <= 1.0.6 - Unauthenticated Blind SSRF vulnerability

Unauthenticated Blind SSRF vulnerability discovered by Afshin Shekaari in WordPress Plugin Performance Monitor versions <= 1.0.6...

5.8 CVSS | 5.9 AI score | 0.00259 EPSS
Exploits 0 | References 1 | Affected Software 1
Github Security Blog
added 2026/04/01 12:1 a.m., 12 views

OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade

Summary: When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy. Impact: Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the...

5.3 CVSS | 5.9 AI score | 0.00297 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2026/04/01 12:0 a.m., 23 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

5.9 CVSS | 0.00287 EPSS
Exploits 0 | References 2
CVE
added 2026/04/01 12:0 a.m., 8 views

CVE-2025-67805

Sage DPW 2025_06_004 contains a non-default configuration exposing unauthenticated access to diagnostic endpoints of the Database Monitor, allowing exposure of hashes and table names. The feature is disabled by default in all installations and never available in Sage DPW Cloud; Red Hat/NVD/ENISA/...

7.5 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/04/01 12:0 a.m., 2 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

5.9 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/04/01 12:0 a.m., 4 views

PT-2026-29528

A non-default configuration in Sage DPW 2025 06 004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW...

5.9 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits 0 | References 3
EUVD
added 2026/03/31 9:31 p.m., 5 views

EUVD-2026-17585

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...

9.3 CVSS | 5.9 AI score | 0.00387 EPSS
Exploits 0 | References 2
NVD
added 2026/03/31 7:16 p.m., 5 views

CVE-2026-3356

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...

9.3 CVSS | 0.00387 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/31 6:40 p.m., 1 view

CVE-2026-3356

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...

9.3 CVSS | 5.9 AI score | 0.00387 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/31 6:40 p.m., 2 views

CVE-2026-3356 Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...

9.3 CVSS | 5.9 AI score | 0.00387 EPSS
Exploits 0 | References 1
CVE
added 2026/03/31 6:40 p.m., 20 views

CVE-2026-3356

The CVE-2026-3356 entry concerns the MS27102A Remote Spectrum Monitor, a device that exposes an authentication bypass vulnerability. The provided connected documents (Red Hat, ENISA EUVD, NVD/NVD-related, CISA ICS advisory, AttackersKB, CVE listing, and PT-Security) consistently describe a flaw in...

9.3 CVSS | 5.9 AI score | 0.00387 EPSS
Exploits 0 | References 1
Cvelist
added 2026/03/31 6:40 p.m., 23 views

CVE-2026-3356 Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...

9.3 CVSS | 0.00387 EPSS
Exploits 0 | References 1
NVD
added 2026/03/31 12:16 p.m., 6 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2 CVSS | 0.00302 EPSS
Exploits 0 | References 5
Cvelist
added 2026/03/31 11:29 a.m., 25 views

CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2 CVSS | 0.00302 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2026/03/31 11:29 a.m., 3 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2 CVSS | 6 AI score | 0.00302 EPSS
Exploits 0 | References 6